×
Community Blog Accelerate Your Application using Global Acceleration with Source IP Address Persistence

Accelerate Your Application using Global Acceleration with Source IP Address Persistence

Learn how you can quickly set up Global Acceleration with Source IP Address Persistence so that your application can have better access in China.

Alibaba Cloud offers the Global Acceleration service to help enterprises to improve the quality and speed access to their application from Mainland China. In short, this product is meant to help to mitigate the issues that many multinational and international companies and brands may face as they redirect Chinese users to web applications or mobile apps hosted elsewhere in the world.

Alibaba Cloud's Global Acceleration service can be extremely helpful to many international companies, as setting up services in China may not be an option for them at least temporarily, as going through the process of setting up web services in Mainland China can be lengthy with the application process taking at least one month. Luckily, for this, Alibaba Cloud also offers comprehensive solutions and guidance to help customers enter China. Check out Alibaba Cloud's China Gateway solution, and also check out the ICP filing page for more information about the requirements involved with setting up services in China.

In the meantime, why not start using Global Acceleration to reach your Chinese userbase first? In this tutorial, we're going to help you get started bring your services to China quickly by using Global Acceleration with Source IP Address Persistence. This tutorial can be completed in a matter of just 30 minutes.

Setting up Your Global Acceleration Instance

For this tutorial, you should already have an website that can be accessed through the Internet. For this purpose, I created a website hosted on an Alibaba Cloud Elastic Compute Service (ECS) instance, located in Hong Kong. As a general recommendation, consider hosting your website on Alibaba Cloud. Doing so will make this process even easier. You can access my example website here.

1

Now it's time to work on providing the global acceleration service for your website. Since the product is just launched and still in Beta, you may need to click "Apply for Beta" in the Global Acceleration Product Page. After the approval, log on to the Alibaba Cloud international console, go to Global Acceleration console and click Create Instance.

2

3

In this example, I purchased the Small I instance type. For your reference, below are the six instance types supported by Global Acceleration service. Choose whichever instance best matches your needs.

4

5

After purchasing the instance, you should see one instance in the Global Acceleration console.

Next we will need to purchase the acceleration bandwidth between China and the server where your website is hosted. For me, that's Hong Kong. Next, in the Global Acceleration console, click Configure Basic Bandwidth Plan.

6

A page will show up similar to the one below. On it, you'll need to click Buy Basic Bandwidth Plan.

7

For a domain without an ICP Filing, you'll need to choose the Premium Bandwidth option. You'll also need to set your peak bandwidth and duration. Once you're all finished, click Buy Now.

8

After purchasing the plan, you should see the Advanced Bandwidth instance in the console .

9

Now, it's time to work on the configuration. To start off, navigate yourselve to the Instances area from the left-side navigation pane and click Configure Basic Bandwidth Plan.

10

Choose the Bandwidth plan that we just purchased and then click OK.

11

Now that that's done, the Global Acceleration instance is ready, so we can carry on to configure the Listeners, by clicking Configure Listeners.

12

As part of the configuration process, you'll need to specify the Listener name. For the protocol field, choose TCP and for the port enter 80. Once everything's complete, click OK.

13

On this page, specify the Endpoint Group Name, also select the Region. For me, this is Hong Kong and input the original domain name, which again for me is nginx.alibabacloudhk.com, and last choose a weight of 100, and then click Next.

14

Finally, review the setup summary and then click Next to complete the setup process.

15

Now, we can continue to test the accelerated application very soon. When you see the Status is Active (with a green check mark), you can click the Global Acceleration instance ID to view its details.

16

On the details page to appear, you should see the instance's basic information, including the CNAME that is generated. Next, we'll need to click Add Acceleration Area to complete the setup.

17

For this part, choose your Acceleration area and region. For me, this is Asia Pacific and Hong Kong. Also, allocate the Bandwidth to your instance, and then click OK. This part of the setup will assign an accelerated IP address in your selected region, and let your China users connect to it to be able to connect to your application.

18

19

After a few minutes, you should see an accelerated IP generated for you, you can also use the CNAME to resolve the same IP as well. We can now modify the DNS or host table to do the test. To do so, set up the host table in the PC and set following 47.52.205.230 nginx.alibabacloudhk.com, for example.

20

This verifies that the acceleration IP is working, meaning that your application also works normally.

Setting up Source IP Address Persistence

In the previous section, we shown how to purchase and configure the GA instance to make your application work, however, since Global Acceleration involves TCP proxy redirection, one question that remains is how to keep the source IP address persistence. Doing so is important because this is a common practice and standard, especially in the finance industry. Well, to do this, you'll need to set up source IP address persistence (But you will need to talk with your account BD/SA first, as this feature may need to be whitelisted). The setup is actually quite easy. You can start things off by checking the IP address of your computer. For this, you can use the free tool at this website.

21

So now that we know what our IP address is, we want our IP address to be seen in the orginal Nginx Server. Let's double check what's going on in the access log. For this, use the command tail -f /var/log/nginx/access.log.

22

What we can see from the access log is that the Global Acceleration instance used a back-to-source IP address, which happens not to be the Client IP address. The numbers are different. We are going to resolve this issue now with the below steps. Global Acceleration implemented the standard "Proxy-Protocol", so what we need to implement this in the Nginx server. You can learn more about doing this here. The configuration is simple, all you need to do is modify the nginx configuration file, /etc/nginx/nginx.conf by adding the following three lines:

listen       80 proxy_protocol;
set_real_ip_from 47.0.0.0/8;
real_ip_header proxy_protocol;

23

After doing that, try accessing the website again, and check what the IP addres is. You should able to get the Original IP in the access log now.

24

Next, you can monitor the traffic, and the concurrent sessions information in the console

25

If you have any issues, don't hesitate to contact your Client Business Manager or Solutions Architect or submit a service ticket.

0 0 0
Share on

Thomas KW Poon

2 posts | 3 followers

You may also like

Comments

Thomas KW Poon

2 posts | 3 followers

Related Products